Cherry-pick #22064 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #22064
Original commit: 6be7b2f7b7
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
* web: Captcha Refinements, Part 2 (#19757)
* Move inline styles into separate file.
* Fix preferred order of captcha vendor discovery.
* Clean up mutation and resize observer lifecycle.
* Flesh out controllers.
* Tidy refresh.
* Fix incompatibilities with Storybook.
* Flesh out captcha stories.
* Bump package.
* Flesh out stories.
* Move inline styles into separate file.
* Fix preferred order of captcha vendor discovery.
* Clean up mutation and resize observer lifecycle.
* Flesh out controllers.
* Tidy refresh.
* Remove unused.
* Bump package.
(cherry picked from commit 388f4262b5)
* web: Fix duplicate Turnstile widgets after extended idle (#21380)
* Flesh out turnstile fixes.
* format
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
(cherry picked from commit 59ac8ba597)
* web: align captcha stage with post-21380 main drift
Picks up the non-PR-#21380 changes to captcha files that are already on
main: `.style-scope` selector variants in CaptchaStage.css (from #20134)
and `export default CaptchaStage` (from #20397). Both are functionally
inert on this branch — no code applies the style-scope class to
ak-stage-captcha, and no importer uses the default export — but
including them keeps the cherry-pick zero-drift against main.
* bump.
* Enforce strict tsconfig version. Format.
* Fix linter warning.
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Teffen Ellis <592134+GirlBossRush@users.noreply.github.com>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
* Cherry-pick #21833 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #21833
Original commit: b66024f26f
* fix conflicts
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Cherry-pick #21701 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #21701
Original commit: cce646b132
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
# Conflicts:
# authentik/providers/oauth2/tests/test_device_backchannel.py
# authentik/providers/oauth2/views/device_backchannel.py
Co-authored-by: Sai Asish Y <say.apm35@gmail.com>
providers/oauth2: device code flow client id via auth header (#20457)
* Use `extract_client_auth` which can get client id from either HTTP
Authorization header or POST body
* Update documentation to reflect allow sending client id via header
* Add tests for using HTTP Basic Auth to pass in client id
Co-authored-by: Michael Beigelmacher <brooklynbagel@gmail.com>
Cherry-pick #21513 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #21513
Original commit: c84c8d86f8
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Cherry-pick #21746 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #21746
Original commit: 189056e19a
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Cherry-pick #21520 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #21520
Original commit: 76a5e62405
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Marcelo Elizeche Landó <marcelo@goauthentik.io>
* Cherry-pick #21219 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #21219
Original commit: 9fc8df0838
* fix
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
web/admin: handle non-string values in formatUUID to prevent Event Log crash (#20804)
fix(web): handle non-string values in formatUUID to prevent Event Log crash
When event context contains a device with a non-string pk value,
formatUUID crashes with TypeError: s.substring is not a function,
preventing the entire Event Log page from loading.
Add a type guard to coerce non-string values to their string
representation instead of crashing.
Fixes#20803
Co-authored-by: Tyson Cung <45380903+tysoncung@users.noreply.github.com>
Cherry-pick #20984 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #20984
Original commit: 046bc8ac98
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Cherry-pick #20719 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #20719
Original commit: 6b207ca73a
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
website/docs: kerberos: add note about caching (#20663)
* Add note about caching
* Update website/docs/users-sources/sources/protocols/kerberos/index.md
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
internal: make http timeouts configurable (#20472)
* internal: make http timeouts configurable
* Changed formatting to match the rest of the doc
---------
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens L. <jens@goauthentik.io>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
* Cherry-pick #20489 to version-2025.12 (with conflicts)
This cherry-pick has conflicts that need manual resolution.
Original PR: #20489
Original commit: 9da1014271
* Update index.mdx
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
* Update index.mdx
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
---------
Signed-off-by: Dewi Roberts <dewi@goauthentik.io>
Co-authored-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
authentik-automation[bot]
Jens L.